Tenda Ac6 Firmware vulnerabilities

CVE-2023-2923 [CRITICAL] CWE-121 CVE-2023-2923: A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230077 was assigned to

CVE-2023-26976 [HIGH] CWE-787 CVE-2023-26976: Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in th Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.

CVE-2022-45641 [HIGH] CWE-120 CVE-2022-45641: Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg. Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg.

CVE-2022-45673 [MEDIUM] CWE-352 CVE-2022-45673: Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysTo Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.

CVE-2022-45674 [MEDIUM] CWE-352 CVE-2022-45674: Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysTo Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.

CVE-2022-45640 [HIGH] CWE-787 CVE-2022-45640: Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local). Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local).

CVE-2022-41485 [HIGH] CWE-120 CVE-2022-41485: Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in t Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47ce00 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2022-25451 [CRITICAL] CWE-787 CVE-2022-25451: Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in th Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function.

CVE-2022-25456 [CRITICAL] CWE-787 CVE-2022-25456: Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g paramete Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function.

CVE-2022-25446 [CRITICAL] CWE-787 CVE-2022-25446: Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime param Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime parameter in the openSchedWifi function.

CVE-2022-25461 [CRITICAL] CWE-787 CVE-2022-25461: Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function.

CVE-2022-25459 [CRITICAL] CWE-787 CVE-2022-25459: Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the SetSysTimeCfg function.

CVE-2022-25445 [CRITICAL] CWE-787 CVE-2022-25445: Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in th Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.

CVE-2022-25452 [CRITICAL] CWE-787 CVE-2022-25452: Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in th Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function.

CVE-2022-25447 [CRITICAL] CWE-787 CVE-2022-25447: Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime paramet Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.

CVE-2022-25458 [CRITICAL] CWE-787 CVE-2022-25458: Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter i Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function.

CVE-2022-25450 [CRITICAL] CWE-787 CVE-2022-25450: Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in th Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.

CVE-2022-25454 [CRITICAL] CWE-787 CVE-2022-25454: Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter i Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function.

CVE-2022-25457 [CRITICAL] CWE-787 CVE-2022-25457: Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.

CVE-2022-25453 [CRITICAL] CWE-787 CVE-2022-25453: Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in th Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function.